Which can also be done via CFHTTP as well. ;) Not trying to be a jerk here - but the fact is, there is no (afaik) 100% way to say that a URL is "ajax" only.
On Mon, Aug 16, 2010 at 11:51 AM, Andy Matthews <[email protected]> wrote:
>
> Right. I know that. Good point though.
>
> I suppose I could get our JS guy to also pass in a session id. Then I could
> compare that with the actual session ID for the user and go from there.
>
> -----Original Message-----
> From: Raymond Camden [mailto:[email protected]]
> Sent: Monday, August 16, 2010 11:42 AM
> To: cf-talk
> Subject: Re: Preventing use of remote method by other sites
>
>
> Sorry - what? Oh - are you asking if I would know to use that vector?
> If I run your site and see a request made via XHR to foo.cfm, and then I try
> to run it myself in another tab and get blocked, then yes, I would consider
> that. And I'm a "Script Kiddy Hacker" so I assume the real guys would try it
> too.
>
> Shoot - I almost always try the URLs I see in Firebug/Chrome Dev tools. I'm
> not trying to be malicious of course. Just poking around.
>
>
> On Mon, Aug 16, 2010 at 11:34 AM, Andy Matthews <[email protected]>
> wrote:
>>
>> Yes, but would you know TO do that?
>>
>>
>> andy
>>
>> -----Original Message-----
>> From: Raymond Camden [mailto:[email protected]]
>> Sent: Monday, August 16, 2010 11:30 AM
>> To: cf-talk
>> Subject: Re: Preventing use of remote method by other sites
>>
>>
>> Don't forget you can easily set those headers yourself. I could set up
>> cfhttp to use that header and hit your resource.
>>
>>
>> On Fri, Aug 13, 2010 at 3:31 PM, Andy Matthews
>> <[email protected]>
>> wrote:
>>>
>>> Works perfectly Tony. I simplified the conditional tho'
>>>
>>> <cfif StructKeyExists(headers,'X-Requested-With') AND
>>> headers['X-Requested-With'] EQ 'XMLHttpRequest'>
>>>
>>> </cfif>
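The session-bound check discussed in the thread, as an added example that is not code from any participant: it uses a separate random token rather than the session ID itself, so the session identifier does not have to be written into the page. It stops another site from invoking the method with a header it can simply set, but it does not make the URL "ajax only", since a visitor who loaded the page can still replay the request with their own token. Assumes session management is enabled; `session.ajaxToken` and the `X-Ajax-Token` header are hypothetical names.

```cfml
<!--- Added example. session.ajaxToken and X-Ajax-Token are hypothetical names. --->

<!--- 1. On the page that hosts the JavaScript: mint one random token per session. --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfif NOT StructKeyExists(session, "ajaxToken")>
        <cfset session.ajaxToken = Hash(GenerateSecretKey("AES") & CreateUUID(), "SHA-256")>
    </cfif>
</cflock>
<script>
    // The page's own script sends this value back as a request header
    // on every call to the remote method.
    var AJAX_TOKEN = "<cfoutput>#JSStringFormat(session.ajaxToken)#</cfoutput>";
</script>

<!--- 2. At the top of the remote endpoint (foo.cfm in the thread): verify it. --->
<cfset headers = GetHttpRequestData().headers>
<cfset sentToken = "">
<cfif StructKeyExists(headers, "X-Ajax-Token")>
    <cfset sentToken = headers["X-Ajax-Token"]>
</cfif>

<!--- Reject when the session has no token or the header does not match it.
      Compare() is case-sensitive and returns 0 only on an exact match. --->
<cfif NOT StructKeyExists(session, "ajaxToken")
      OR Compare(sentToken, session.ajaxToken) NEQ 0>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- The request carries the token issued to this session; continue. --->
```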

